Web Services Security: Moving up the stack
In April, IBM, MS, and Verisign jointly published a specification for Web Services Security (WS-Security) that provides a set of mechanisms to help developers of Web services secure SOAP message exchanges. This specification has been accepted by OASIS and a new Web Services Technical Committee (The WSS TC) has been formed to move WS-Security to an open standard. The WS-Security specification has been explained in some detail in an earlier paper, Security in a Web Services World: A Proposed Architecture and Roadmap.
Additionally in April, IBM and Microsoft provided a roadmap document that included a conceptual stack identifying additional elements that are important to building security into Web services.
[ Read more ]